Crypt::CBC Padding Options

Padding options are described for the Crypt::CBC encryption process. There are 6 padding options supported by Crypt::CBC, 'standard' (i.e., PKCS#5), 'oneandzeroes', 'space', 'rijndael_compat', 'null', and 'none'.

I think we have learned enough about Crypt::CBC encryption options. We should look at what padding options are supported by Crypt::CBC. Padding is important, because our plaintext will not be multiple of 8-byte blocks most of the time.

In the Crypt::CBC manual, I see 6 padding options:

-padding => 'standard' - (default) Also called PKCS#5. Binary safe: Pads with the number of bytes that should be truncated. So, if blocksize is 8 bytes, then "0A0B0C" will be padded with "05", resulting in "0A0B0C0505050505". If the final block is a full block of 8 bytes, then a whole block of "0808080808080808" is appended.

-padding => 'oneandzeroes' - Binary safe: Pads with "80" followed by as many "00" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "8000000000000000" will be appended.

-padding => 'rijndael_compat' - Binary safe, with caveats: Similar to oneandzeroes, except that no padding is performed if the last block is a full block. This is provided for compatibility with Crypt::Rijndael only and can only be used with messages that are a multiple of the Rijndael blocksize of 16 bytes.

-padding => 'null' - Text only, not binary safe: Pads with as many "00" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "0000000000000000" will be appended.

-padding => 'space' - Text only, not binary safe: Pads with as many "20" necessary to fill the block. If the last block is a full block and blocksize is 8, a block of "2020202020202020" will be appended.

-padding => 'none': No padding added. Useful for special-purpose applications where you wish to add custom padding to the message.

Based on these descriptions, I think we should always go with the 'standard' option, which is the well known padding standard, PKCS#5. It is easy to use, binary safe, and supported by many encryption tools.

See the next tutorial for an example Perl script showing how different padding options works.

Table of Contents

 About This Book

 Blowfish Cipher Algorithm

 Perl Crypt::Blowfish Module

 Perl Crypt::ECB Perl Module

Perl Crypt::CBC Module

 What is Crypt::CBC

 Installing Crypt::CBC 2.33 with ActivePerl

 Crypt::CBC Encryption with Literal Keys

 Crypt::CBC Literal Key Error Cases

 Crypt::CBC Encryption with Crypt::Blowfish Objects

 Crypt::CBC Operation Simulation

 Crypt::CBC Encryption Verification

 Blowfish CBC 2-Block Test Vectors

 Crypt::CBC Prepending IV to Ciphertext

 Crypt::CBC Encryption with Salted Keys

 Crypt::CBC Salted Key Test Cases

 Crypt::CBC Secret Key and IV Algorithm

 Crypt::CBC Encryption with Random Salt

Crypt::CBC Padding Options

 Crypt::CBC Padding Option Tests

 Crypt::CBC Blowfish Encryption Summary

 Perl Crypt::CFB Perl Module

 OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

 OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption

 OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption

 OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption

 PHP Mcrypt Extension for Blowfish

 Blowfish 8-Bit Cipher in PHP

 References

 Full Version in PDF/EPUB